libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

Move LDAP REST Endpoints to LDAP package

Browse source 
- Thus remove implicit dependency on services on the legacy modules
- Disable tests for LDAP/Kerberos that won't work when map storage is enabled
This commit is contained in:
Alexander Schwartz 2022-05-18 10:53:21 +02:00 committed by Hynek Mlnařík
parent 1bc6133e4e
commit 08bbb1fb92
25 changed files with 408 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml
View file

@ -33,6 +33,7 @@
<module name="org.keycloak.keycloak-model-legacy"/>
<module name="org.keycloak.keycloak-model-legacy-private"/>
<module name="org.keycloak.keycloak-model-legacy-services"/>
<module name="org.keycloak.keycloak-services"/>
<module name="javax.ws.rs.api"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.jboss.logging"/>

1
distribution/galleon-feature-packs/server-galleon-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-ldap-federation/main/module.xml
View file

@ -33,6 +33,7 @@
<module name="org.keycloak.keycloak-model-legacy"/>
<module name="org.keycloak.keycloak-model-legacy-private"/>
<module name="org.keycloak.keycloak-model-legacy-services"/>
<module name="org.keycloak.keycloak-services"/>
<module name="javax.ws.rs.api"/>
<module name="org.jboss.resteasy.resteasy-jaxrs"/>
<module name="org.jboss.logging"/>

4
federation/ldap/pom.xml
View file

@ -80,6 +80,10 @@
<groupId>org.keycloak</groupId>
<artifactId>keycloak-model-legacy-private</artifactId>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-services</artifactId>
</dependency>
</dependencies>
</project>

0
services/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java → federation/ldap/src/main/java/org/keycloak/services/managers/LDAPServerCapabilitiesManager.java
View file

40
federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesRealmAdminProvider.java Normal file
View file

@ -0,0 +1,40 @@
package org.keycloak.services.resources.admin;
import org.keycloak.Config.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
public class LdapServerCapabilitiesRealmAdminProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
@Override
public AdminRealmResourceProvider create(KeycloakSession session) {
return this;
}
@Override
public void init(Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return "ldap-server-capabilities";
}
@Override
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
return new LdapServerCapabilitiesResource(realm, auth, adminEvent);
}
}

87
federation/ldap/src/main/java/org/keycloak/services/resources/admin/LdapServerCapabilitiesResource.java Normal file
View file

@ -0,0 +1,87 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.LDAPCapabilityRepresentation;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.LDAPServerCapabilitiesManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.Set;
/**
* @resource User Storage Provider
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class LdapServerCapabilitiesResource {
private static final Logger logger = Logger.getLogger(LdapServerCapabilitiesResource.class);
protected RealmModel realm;
protected AdminPermissionEvaluator auth;
protected AdminEventBuilder adminEvent;
@Context
protected ClientConnection clientConnection;
@Context
protected KeycloakSession session;
@Context
protected HttpHeaders headers;
public LdapServerCapabilitiesResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;
this.adminEvent = adminEvent;
}
/**
* Get LDAP supported extensions.
* @param config LDAP configuration
* @return
*/
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
@Produces(javax.ws.rs.core.MediaType.APPLICATION_JSON)
public Response ldapServerCapabilities(TestLdapConnectionRepresentation config) {
auth.realm().requireManageRealm();
try {
Set<LDAPCapabilityRepresentation> ldapCapabilities = LDAPServerCapabilitiesManager.queryServerCapabilities(config, session, realm);
return Response.ok().entity(ldapCapabilities).build();
} catch (Exception e) {
return ErrorResponse.error("ldapServerCapabilities error", Response.Status.BAD_REQUEST);
}
}
}

40
federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionRealmAdminProvider.java Normal file
View file

@ -0,0 +1,40 @@
package org.keycloak.services.resources.admin;
import org.keycloak.Config.Scope;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
public class TestLdapConnectionRealmAdminProvider implements AdminRealmResourceProviderFactory, AdminRealmResourceProvider {
@Override
public AdminRealmResourceProvider create(KeycloakSession session) {
return this;
}
@Override
public void init(Scope config) {
}
@Override
public void postInit(KeycloakSessionFactory factory) {
}
@Override
public void close() {
}
@Override
public String getId() {
return "testLDAPConnection";
}
@Override
public Object getResource(KeycloakSession session, RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
return new TestLdapConnectionResource(realm, auth, adminEvent);
}
}

104
federation/ldap/src/main/java/org/keycloak/services/resources/admin/TestLdapConnectionResource.java Normal file
View file

@ -0,0 +1,104 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.services.resources.admin;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.cache.NoCache;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.LDAPServerCapabilitiesManager;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import javax.ws.rs.Consumes;
import javax.ws.rs.FormParam;
import javax.ws.rs.POST;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
/**
* @resource User Storage Provider
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class TestLdapConnectionResource {
private static final Logger logger = Logger.getLogger(TestLdapConnectionResource.class);
protected RealmModel realm;
protected AdminPermissionEvaluator auth;
protected AdminEventBuilder adminEvent;
@Context
protected ClientConnection clientConnection;
@Context
protected KeycloakSession session;
@Context
protected HttpHeaders headers;
public TestLdapConnectionResource(RealmModel realm, AdminPermissionEvaluator auth, AdminEventBuilder adminEvent) {
this.auth = auth;
this.realm = realm;
this.adminEvent = adminEvent;
}
/**
* Test LDAP connection
*
* @param action
* @param connectionUrl
* @param bindDn
* @param bindCredential
* @return
*/
@POST
@NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Deprecated
public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl,
@FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
@FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout,
@FormParam("componentId") String componentId, @FormParam("startTls") String startTls) {
auth.realm().requireManageRealm();
TestLdapConnectionRepresentation config = new TestLdapConnectionRepresentation(action, connectionUrl, bindDn, bindCredential, useTruststoreSpi, connectionTimeout, startTls, LDAPConstants.AUTH_TYPE_SIMPLE);
config.setComponentId(componentId);
boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
}
/**
* Test LDAP connection
* @return
*/
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response testLDAPConnection(TestLdapConnectionRepresentation config) {
boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
}
}

19
federation/ldap/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory Normal file
View file

@ -0,0 +1,19 @@
#
# Copyright 2022 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.services.resources.admin.TestLdapConnectionRealmAdminProvider
org.keycloak.services.resources.admin.LdapServerCapabilitiesRealmAdminProvider

17
model/legacy-services/src/main/resources/META-INF/services/org.keycloak.services.resources.admin.ext.AdminRealmResourceProviderFactory
View file

@ -1 +1,18 @@
#
# Copyright 2022 Red Hat, Inc. and/or its affiliates
# and other contributors as indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
org.keycloak.services.resources.admin.UserStorageProviderRealmAdminProvider

5
services/pom.xml
View file

@ -74,11 +74,6 @@
<artifactId>keycloak-server-spi-private</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-ldap-federation</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.twitter4j</groupId>
<artifactId>twitter4j-core</artifactId>

64
services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
View file

@ -27,7 +27,6 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@ -79,7 +78,6 @@ import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.Constants;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.ModelDuplicateException;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
@ -101,15 +99,12 @@ import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.LDAPCapabilityRepresentation;
import org.keycloak.representations.idm.ManagementPermissionReference;
import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmEventsConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.TestLdapConnectionRepresentation;
import org.keycloak.services.ErrorResponse;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.LDAPServerCapabilitiesManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.services.resources.admin.ext.AdminRealmResourceProvider;
@ -924,65 +919,6 @@ public class RealmAdminResource {
eventStore.clearAdmin(realm);
}
/**
* Test LDAP connection
*
* @param action
* @param connectionUrl
* @param bindDn
* @param bindCredential
* @return
*/
@Path("testLDAPConnection")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Deprecated
public Response testLDAPConnection(@FormParam("action") String action, @FormParam("connectionUrl") String connectionUrl,
@FormParam("bindDn") String bindDn, @FormParam("bindCredential") String bindCredential,
@FormParam("useTruststoreSpi") String useTruststoreSpi, @FormParam("connectionTimeout") String connectionTimeout,
@FormParam("componentId") String componentId, @FormParam("startTls") String startTls) {
auth.realm().requireManageRealm();
TestLdapConnectionRepresentation config = new TestLdapConnectionRepresentation(action, connectionUrl, bindDn, bindCredential, useTruststoreSpi, connectionTimeout, startTls, LDAPConstants.AUTH_TYPE_SIMPLE);
config.setComponentId(componentId);
boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
}
/**
* Test LDAP connection
* @return
*/
@Path("testLDAPConnection")
@POST
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
public Response testLDAPConnection(TestLdapConnectionRepresentation config) {
boolean result = LDAPServerCapabilitiesManager.testLDAP(config, session, realm);
return result ? Response.noContent().build() : ErrorResponse.error("LDAP test error", Response.Status.BAD_REQUEST);
}
/**
* Get LDAP supported extensions.
* @param config LDAP configuration
* @return
*/
@POST
@Path("ldap-server-capabilities")
@NoCache
@Consumes(MediaType.APPLICATION_JSON)
@Produces(javax.ws.rs.core.MediaType.APPLICATION_JSON)
public Response ldapServerCapabilities(TestLdapConnectionRepresentation config) {
auth.realm().requireManageRealm();
try {
Set<LDAPCapabilityRepresentation> ldapCapabilities = LDAPServerCapabilitiesManager.queryServerCapabilities(config, session, realm);
return Response.ok().entity(ldapCapabilities).build();
} catch (Exception e) {
return ErrorResponse.error("ldapServerCapabilities error", Status.BAD_REQUEST);
}
}
/**
* Test SMTP connection with current logged in user
*

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractAdvancedBrokerTest.java
View file

@ -4,6 +4,7 @@ import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.models.IdentityProviderSyncMode;
@ -17,6 +18,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.Urls;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.federation.DummyUserFederationProviderFactory;
import org.keycloak.testsuite.util.ClientBuilder;
@ -576,6 +578,9 @@ public abstract class AbstractAdvancedBrokerTest extends AbstractBrokerTest {
*/
@Test
public void testWithLinkedFederationProvider() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
try {
updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java
View file

@ -24,6 +24,7 @@ import java.util.Map;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.Profile;
@ -38,6 +39,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.util.KerberosRule;
import org.keycloak.testsuite.KerberosEmbeddedServer;
@ -49,7 +51,6 @@ import org.keycloak.testsuite.KerberosEmbeddedServer;
*/
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public class KerberosLdapTest extends AbstractKerberosSingleRealmTest {
private static final String PROVIDER_CONFIG_LOCATION = "classpath:kerberos/kerberos-ldap-connection.properties";
@ClassRule
@ -72,7 +73,11 @@ public class KerberosLdapTest extends AbstractKerberosSingleRealmTest {
return getUserStorageConfiguration("kerberos-ldap", LDAPStorageProviderFactory.PROVIDER_NAME);
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Test
public void spnegoLoginTest() throws Exception {

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosStandaloneTest.java
View file

@ -23,8 +23,10 @@ import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.constants.KerberosConstants;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.federation.kerberos.KerberosConfig;
@ -34,6 +36,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.KerberosEmbeddedServer;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.util.KerberosRule;
@ -55,6 +58,11 @@ public class KerberosStandaloneTest extends AbstractKerberosSingleRealmTest {
return kerberosRule;
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected CommonKerberosConfig getKerberosConfig() {

4
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.java
View file

@ -34,6 +34,7 @@ import org.junit.Rule;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.Profile;
import org.keycloak.federation.kerberos.KerberosFederationProvider;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
@ -44,6 +45,7 @@ import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.services.messages.Messages;
import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;
import org.keycloak.testsuite.util.TokenUtil;
@ -70,6 +72,8 @@ public class LDAPAccountRestApiTest extends AbstractLDAPTest {
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
httpClient = HttpClientBuilder.create().build();
}

7
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java
View file

@ -18,6 +18,7 @@
package org.keycloak.testsuite.federation.ldap;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
@ -30,6 +31,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.LDAPRule;
@ -61,6 +63,11 @@ public class LDAPLegacyImportTest extends AbstractLDAPTest {
return ldapRule;
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java
View file

@ -19,10 +19,12 @@ package org.keycloak.testsuite.federation.ldap;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientModel;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
@ -33,6 +35,7 @@ import org.keycloak.representations.IDToken;
import org.keycloak.storage.UserStoragePrivateUtil;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestConfiguration;
import org.keycloak.testsuite.util.LDAPTestUtils;
@ -67,6 +70,11 @@ public class LDAPMultipleAttributesTest extends AbstractLDAPTest {
return ldapRule;
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected void afterImportTestRealm() {

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPPasswordModifyExtensionTest.java
View file

@ -19,6 +19,7 @@
package org.keycloak.testsuite.federation.ldap;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
@ -36,6 +37,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapper;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AppPage;
@ -65,7 +67,6 @@ public class LDAPPasswordModifyExtensionTest extends AbstractLDAPTest {
return ldapRule;
}
@Override
protected void afterImportTestRealm() {
testingClient.server().run(session -> {
@ -97,6 +98,12 @@ public class LDAPPasswordModifyExtensionTest extends AbstractLDAPTest {
});
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Test
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public void ldapPasswordChangeWithAccountConsole() throws Exception {

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
View file

@ -19,6 +19,7 @@ package org.keycloak.testsuite.federation.ldap;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
@ -63,6 +64,7 @@ import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.AppPage;
@ -95,6 +97,12 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
return ldapRule;
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected void afterImportTestRealm() {
testingClient.server().run(session -> {

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPReadOnlyTest.java
View file

@ -20,12 +20,14 @@ package org.keycloak.testsuite.federation.ldap;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.LDAPConstants;
import org.keycloak.models.RealmModel;
@ -39,6 +41,7 @@ import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
@ -74,6 +77,12 @@ public class LDAPReadOnlyTest extends AbstractLDAPTest {
private TimeBasedOTP totp = new TimeBasedOTP();
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected void afterImportTestRealm() {
testingClient.server().run(session -> {

5
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.java
View file

@ -23,6 +23,7 @@ import org.keycloak.authentication.authenticators.broker.IdpCreateUserIfUniqueAu
import org.keycloak.broker.saml.SAMLIdentityProviderConfig;
import org.keycloak.broker.saml.mappers.UsernameTemplateMapper;
import org.keycloak.broker.saml.mappers.UsernameTemplateMapper.Target;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.models.AuthenticationExecutionModel.Requirement;
@ -45,6 +46,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapperFactory;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.broker.KcSamlBrokerConfiguration;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.updaters.Creator;
@ -142,6 +144,9 @@ public class LDAPSamlIdPInitiatedVaryingLetterCaseTest extends AbstractLDAPTest
@Before
public void setupIdentityProvider() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
// Configure autolink flow
AuthenticationFlowRepresentation newFlow = new AuthenticationFlowRepresentation();
newFlow.setAlias(FLOW_AUTO_LINK);

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java
View file

@ -18,11 +18,13 @@
package org.keycloak.testsuite.federation.ldap;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.OAuth2Constants;
import org.keycloak.common.Profile;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.LDAPConstants;
@ -34,6 +36,7 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestConfiguration;
@ -93,6 +96,11 @@ public class LDAPSpecialCharsTest extends AbstractLDAPTest {
});
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support the legacy style federation
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Test
public void test01_userSearch() {

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java
View file

@ -19,11 +19,13 @@
package org.keycloak.testsuite.federation.ldap;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.junit.runners.MethodSorters;
import org.keycloak.common.Profile;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.models.LDAPConstants;
@ -33,6 +35,7 @@ import org.keycloak.models.ModelException;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableVault;
import org.keycloak.testsuite.Assert;
@ -111,6 +114,12 @@ public class LDAPUserLoginTest extends AbstractLDAPTest {
DEFAULT_TEST_USERS.put("VALID_USER_STREET", "1th Avenue");
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected void afterImportTestRealm() {
try {

9
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserMultipleCredentialTest.java
View file

@ -3,6 +3,7 @@ package org.keycloak.testsuite.federation.ldap;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
@ -11,6 +12,7 @@ import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory;
import org.keycloak.authentication.authenticators.browser.PasswordFormFactory;
import org.keycloak.authentication.authenticators.browser.UsernameFormFactory;
import org.keycloak.common.Profile;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
@ -18,6 +20,7 @@ import org.keycloak.models.credential.OTPCredentialModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.EnableVault;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.pages.LoginTotpPage;
@ -61,6 +64,12 @@ public class LDAPUserMultipleCredentialTest extends AbstractLDAPTest {
return ldapRule;
}
@Before
public void before() {
// don't run this test when map storage is enabled, as map storage doesn't support LDAP, yet
ProfileAssume.assumeFeatureDisabled(Profile.Feature.MAP_STORAGE);
}
@Override
protected void afterImportTestRealm() {
getTestingClient().server().run(session -> {